
/health and /actuator/health endpoints return 401 when security is enabled (2.0.3 regression)

Open AKhozya opened this issue 1 month ago • 2 comments

It seems it's a regression between 2.02 and 2.03

Description

When security.enableLogin: true is set, all standard health endpoints require authentication and return HTTP 401. This breaks Kubernetes liveness/readiness probes, Docker healthchecks, and load balancer health checks.

Affected Endpoints

| Endpoint | Expected | Actual |
|---|---|---|
| /health | 200 | 401 |
| /actuator/health | 200 | 401 |
| /healthz | 200 | 401 |
| /readiness | 200 | 401 |
| /liveness | 200 | 401 |

Workaround

Using /api/v1/info/status which returns {"version": "2.0.3", "status": "UP"} without authentication.

Expected Behavior

Health check endpoints should be whitelisted from authentication to support:

  • Kubernetes liveness/readiness probes
  • Docker HEALTHCHECK
  • Load balancer health checks
  • Orchestration platforms

Environment

  • Version: 2.0.3-fat
  • Security: enableLogin: true with OAuth2/OIDC
  • Platform: Kubernetes

Suggested Fix

Add health endpoints to the security whitelist in SecurityConfiguration.java:

.antMatchers("/health", "/actuator/health", "/healthz", "/liveness", "/readiness").permitAll()

AKhozya, Dec 03 '25 21:12
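
A check a deployer could run before pointing probes at an instance, added here as an example and not part of the issue or of Stirling-PDF's code: it requests each path named in the report without credentials and lists those that answer 200 and do not report a status other than UP. `StubHandler` is a constructed stand-in that mimics the behaviour reported for 2.0.3, and all function names are hypothetical.

```python
import json
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Paths from the issue: the five failing health endpoints, then the workaround.
HEALTH_PATHS = ["/health", "/actuator/health", "/healthz", "/readiness", "/liveness"]
WORKAROUND = "/api/v1/info/status"
# Probes go direct and send no credentials; proxy environment variables are ignored.
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))

def probe(base_url, path, timeout=3):
    """Unauthenticated GET. Returns (status_code, parsed JSON body or None)."""
    try:
        with OPENER.open(base_url + path, timeout=timeout) as resp:
            code, raw = resp.status, resp.read()
    except urllib.error.HTTPError as err:  # 4xx/5xx responses arrive as exceptions
        code, raw = err.code, err.read()
    try:
        return code, json.loads(raw)
    except ValueError:  # empty or non-JSON body
        return code, None

def usable_probe_paths(base_url):
    """Paths that return 200 without credentials and do not report a non-UP status."""
    results = {p: probe(base_url, p) for p in HEALTH_PATHS + [WORKAROUND]}
    return [p for p, (code, body) in results.items()
            if code == 200 and (not isinstance(body, dict) or body.get("status", "UP") == "UP")]

class StubHandler(BaseHTTPRequestHandler):
    """Constructed stand-in: 401 everywhere except the workaround path."""
    def do_GET(self):
        up = self.path == WORKAROUND
        body = json.dumps({"version": "2.0.3", "status": "UP"}).encode() if up else b""
        self.send_response(200 if up else 401)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass

def run_against_stub():
    """Start the stub on a free local port and run the check against it."""
    server = HTTPServer(("127.0.0.1", 0), StubHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    paths = usable_probe_paths(f"http://127.0.0.1:{server.server_port}")
    server.shutdown()
    return paths
```

Against a real deployment, call `usable_probe_paths` with the instance's base URL; an empty list means no listed path is usable for an unauthenticated probe.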